Deploying Vulnerable Environments with Vulhub and Docker
Host Privilege Configuration
Administrative permissions are necessary for managing container environments. Verify the active session and elevate privileges:
id
sudo -i
If the root account has no password set, assign one:
echo "root:strongpass" | chpasswd
Network Isolation and Remote Access
Configuring the virtual machine network adapter to NAT mode isolates the lab topology via vmnet8 while permitting outbound connectivity through the host IP. To facilitate remote terminal access from the host workstation, deploy an SSH daemon:
apt update && apt install -y openssh-server
Modify the daemon parameters to permit root login and password authentication:
SSH_CFG="/etc/ssh/sshd_config"
cp "$SSH_CFG" "${SSH_CFG}.orig"
sed -i 's/^#PermitRootLogin.*/PermitRootLogin yes/' "$SSH_CFG"
sed -i 's/^#PasswordAuthentication.*/PasswordAuthentication yes/' "$SSH_CFG"
systemctl enable --now ssh
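The sed commands above rewrite only lines that begin with #, so a directive that is already set explicitly in sshd_config is left unchanged. The following is an added example, not part of the original page, that sets a directive in every case and reads back the value sshd will use. The helper names set_sshd_option and effective_sshd_option are hypothetical, the sample config is constructed, and only the global section before any Match block is handled.

```shell
#!/bin/sh
# Write a constructed sshd_config where one directive is commented out and
# the other is already set explicitly (the case the '^#' pattern misses).
make_sample() {
    cat > "$1" <<'EOF'
#PermitRootLogin prohibit-password
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF
}

# Print the value sshd uses for KEY in the global section: the first
# uncommented occurrence before any Match block wins.
effective_sshd_option() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Set KEY to VALUE in the global section whether the directive is commented,
# already set, duplicated, or missing. Match blocks are left untouched.
set_sshd_option() {
    tmp=$(mktemp) || return 1
    awk -v key="$2" -v value="$3" '
        { name = tolower($1); sub(/^#/, "", name) }
        tolower($1) == "match" {
            if (!done) { print key " " value; done = 1 }
            in_match = 1
        }
        !in_match && name == tolower(key) {
            if (!done) { print key " " value; done = 1 }
            next                      # drop the old or duplicate line
        }
        { print }
        END { if (!done) print key " " value }' "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demonstration on the constructed sample only; no real config is touched.
cfg=$(mktemp) && make_sample "$cfg"
sed -i 's/^#PasswordAuthentication.*/PasswordAuthentication yes/' "$cfg"
echo "after sed:    $(effective_sshd_option "$cfg" PasswordAuthentication)"
set_sshd_option "$cfg" PasswordAuthentication yes
echo "after helper: $(effective_sshd_option "$cfg" PasswordAuthentication)"
rm -f "$cfg"
```

On the sample, the sed edit leaves the effective value at no, and the helper changes it to yes while keeping the Match block line intact.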
Resolving Local Port Conflicts
Default configurations may reserve port 53 for local DNS resolution, which conflicts with containerized DNS services. Identify active listeners and neutralize the conflict:
ss -tulnp | grep :53
NM_CFG="/etc/NetworkManager/NetworkManager.conf"
cp "$NM_CFG" "${NM_CFG}.orig"
sed -i 's/^dns=dnsmasq/#dns=dnsmasq/' "$NM_CFG"
systemctl restart NetworkManager
Provisioning Docker and Vulhub
Install the Docker engine and docker-compose:
curl -fsSL https://get.docker.com | bash
docker --version
apt install -y python3-pip
pip3 install docker-compose
Retrieve the Vulhub project assets and instantiate a specific vulnerable application:
git clone https://github.com/vulhub/vulhub.git /opt/vulhub_repo
cd /opt/vulhub_repo/flask/ssti
docker-compose build
docker-compose up -d
Following experimentation, tear down the resources to restore system state:
docker-compose down -v